Computers are valuable tools in large part for their ability to communicate with other computer systems and exchange information over computer networks. Networks typically comprise an interconnected group of computers, linked by wire, fiber optic, radio, or other data transmission means, to provide the computers with the ability to transfer information from computer to computer. The Internet is perhaps the best-known computer network, and enables millions of people to access millions of other computers such as by viewing web pages, sending e-mail, and by performing other computer-to-computer communication.
Because the size of the Internet is so large and Internet users are so diverse in their interests, it is not uncommon for malicious users or pranksters to attempt to communicate with other users' computers in a manner that poses a danger to the other users. For example, a hacker may attempt to log in to a corporate computer to steal, delete, or change information. Computer viruses, worms, and/or Trojan horse programs may be distributed to other computers, or unknowingly downloaded or executed by computer users. Further, computer users within an enterprise may on occasion attempt to perform unauthorized network communications, such as running file sharing programs or transmitting secrets from within the enterprise network to the Internet.
For these reasons, network administrators may deploy within networks a decoy computer system, or “honeypot,” that is designed to attract the attention of intruders and to gather and report information regarding intrusions. That is, the honeypot may be a server deployed within the enterprise network that simulates network services, such as database, application, and/or other services, with the express purpose of attracting malicious traffic to collect information respecting attack patterns and the source(s) of intrusions in order to identify infected network devices and suspected attackers.